From what I know, I can connect Meteor A app to Meteor B app by using DDP.connect(url-for-B-app). Does that mean that any app can simply connect to B app by doing DDP.connect? How do I deny/allow connection? Is setting Content Security Policy enough?
You can secure DDP by:
Non-meteor
- Configure your firewall to only allow inbound traffic from certain IP ranges and on certain ports
Meteor
- You can get information about the connection inside of the method function etc. this.connection will give you info you can use.
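One way to act on the this.connection information mentioned in the answer above, as an added example that is not part of the original posts: an allowlist check on the connection's clientAddress that fails closed. The names ALLOWED_CIDRS, isAllowedPeer and the method name 'orders.list' are hypothetical, and the address ranges are constructed sample values.

```javascript
// Added example: allowlist check on the fields Meteor exposes as this.connection.
// ALLOWED_CIDRS is a constructed sample value; replace it with your own ranges.
const ALLOWED_CIDRS = ['10.0.0.0/8', '192.168.10.0/24'];

// Convert a dotted IPv4 address (optionally IPv4-mapped IPv6) to an unsigned
// 32-bit integer. Returns null when the input is not a valid IPv4 address.
function ipv4ToInt(ip) {
  const parts = String(ip).replace(/^::ffff:/i, '').split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip falls inside cidr (for example "10.0.0.0/8").
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null) return false;
  const size = 2 ** (32 - Number(bitsStr)); // number of addresses in the block
  return Math.floor(ipInt / size) === Math.floor(baseInt / size);
}

// connection is the object Meteor exposes as this.connection inside a method.
// It is null for server-initiated calls; this check denies those too, so decide
// separately whether the B app's own server code should bypass it.
// Behind a proxy, clientAddress is only correct when HTTP_FORWARDED_COUNT is set.
function isAllowedPeer(connection, cidrs = ALLOWED_CIDRS) {
  if (!connection || !connection.clientAddress) return false; // fail closed
  return cidrs.some((c) => inCidr(connection.clientAddress, c));
}

// Wiring in the B app's server code (needs the Meteor runtime, so shown as comments):
//   Meteor.methods({
//     'orders.list'() {                       // hypothetical method name
//       if (!isAllowedPeer(this.connection)) {
//         throw new Meteor.Error('not-authorized');
//       }
//       // ... method body ...
//     }
//   });
```

The same function can be called from a Meteor.onConnection callback to close unwanted connections with connection.close() before any method runs.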